slurm/pam_slurm_adopt-send_user_msg-don-t-copy-undefined-d.patch

From 33d78f2db60d3a86c38512f0502df559782cbdf6 Mon Sep 17 00:00:00 2001
From: Matthias Gerstner <matthias.gerstner@suse.de>
Date: Wed, 5 Dec 2018 14:08:07 +0100
Subject: [PATCH 2/3] pam_slurm_adopt: send_user_msg: don't copy undefined data
 into message

Using memcpy, an amount of undefined data from the stack will be copied
into the target buffer. While pam_conv probably doesn't evalute the
extra data it still unclean to do that. It could lead up to an
information leak somewhen.

Signed-off-by: Christian Goll <cgoll@suse.de>
---
 contribs/pam_slurm_adopt/helper.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/contribs/pam_slurm_adopt/helper.c b/contribs/pam_slurm_adopt/helper.c
index 9c3e202a87..1bac0a0fcf 100644
--- a/contribs/pam_slurm_adopt/helper.c
+++ b/contribs/pam_slurm_adopt/helper.c
@@ -128,7 +128,7 @@ send_user_msg(pam_handle_t *pamh, const char *mesg)
 
 	/*  Construct msg to send to app.
 	 */
-	memcpy(str, mesg, sizeof(str));
+	strncpy(str, mesg, sizeof(str));
 	msg[0].msg_style = PAM_ERROR_MSG;
 	msg[0].msg = str;
 	pmsg[0] = &msg[0];
-- 
2.16.4
Accepting request 657422 from home:mslacken:slurm18 - restarting services on update only when activated - added rotation of logs - Added backported patches which harden the pam module pam_slurm_adopt (BOO#1116758) which will be in slurm 19.05.x * added pam_slurm_adopt-avoid-running-outside-of-the-sshd-PA.patch [PATCH 1/3] pam_slurm_adopt: avoid running outside of the sshd PAM * added pam_slurm_adopt-send_user_msg-don-t-copy-undefined-d.patch [PATCH 2/3] pam_slurm_adopt: send_user_msg: don't copy undefined data * added pam_slurm_adopt-use-uid-to-determine-whether-root-is.patch [PATCH 3/3] pam_slurm_adopt: use uid to determine whether root is logging on - package slurm-pam_slurm now depends on slurm-node and not on slurm OBS-URL: https://build.opensuse.org/request/show/657422 OBS-URL: https://build.opensuse.org/package/show/network:cluster/slurm?expand=0&rev=79 2018-12-12 10:28:26 +01:00			`From 33d78f2db60d3a86c38512f0502df559782cbdf6 Mon Sep 17 00:00:00 2001`
			`From: Matthias Gerstner <matthias.gerstner@suse.de>`
			`Date: Wed, 5 Dec 2018 14:08:07 +0100`
			`Subject: [PATCH 2/3] pam_slurm_adopt: send_user_msg: don't copy undefined data`
			`into message`

			`Using memcpy, an amount of undefined data from the stack will be copied`
			`into the target buffer. While pam_conv probably doesn't evalute the`
			`extra data it still unclean to do that. It could lead up to an`
			`information leak somewhen.`

			`Signed-off-by: Christian Goll <cgoll@suse.de>`
			`---`
			`contribs/pam_slurm_adopt/helper.c \| 2 +-`
			`1 file changed, 1 insertion(+), 1 deletion(-)`

			`diff --git a/contribs/pam_slurm_adopt/helper.c b/contribs/pam_slurm_adopt/helper.c`
			`index 9c3e202a87..1bac0a0fcf 100644`
			`--- a/contribs/pam_slurm_adopt/helper.c`
			`+++ b/contribs/pam_slurm_adopt/helper.c`
			`@@ -128,7 +128,7 @@ send_user_msg(pam_handle_t pamh, const char mesg)`

			`/* Construct msg to send to app.`
			`*/`
			`- memcpy(str, mesg, sizeof(str));`
			`+ strncpy(str, mesg, sizeof(str));`
			`msg[0].msg_style = PAM_ERROR_MSG;`
			`msg[0].msg = str;`
			`pmsg[0] = &msg[0];`
			`--`
			`2.16.4`